Securing API Endpoints so that only my bubble app can get access
Hey everyone!
My bubble app uses API Endpoints from XANO for example to delete or create data in different databases.
How can I ensure, that only my bubble app has access to these API Endpoints?
Are there any tutorials / videos on how to do that?
Thanks in advance for any help!
Comments
-
Bubble routes all transactions through its server, so you can check for the Bubble IP range or set a custom header at the API connector level. IP checking is easier to implement (the header is already there) but you run into some work and risk covering the changing range of AWS IP addresses. The custom header with a known key (some random value) is more certain, but takes a bit more work to set up.
If you use @Eli Beachy‘s plugin, Bubble is no longer routing your connections - traffic comes from your client instead. At that point, you want to make sure these endpoints are secured with authentication, such as Xano’s built-in auth. I think @Chris Coleman made a video covering endpoint-hardening techniques in more detail on the Xano youtube channel.
Categories
- All Categories
- 53 ? Announcements
- 47 ? Releases
- 37 ? Welcome
- 983 ? Help! I'm a Noob
- 125 ? No-Code Front-Ends
- 633 ? Working with APIs
- 439 ? Transforming data
- 126 ? Connect Xano to ...
- 50 ?? Find an Expert
- 348 ❓Other questions
- 35 ? Security
- 22 ✂️ Snippets
- 19 ? Showcase
- 7 ?️ Xano Chatter
- 62 ? Video Tutorials
- 171 ? Request a feature
- 229 ? Report a Bug
- 19 ? Templates & Extensions
- 7 ? Feedback